enhanced dn parsing; see libraries/libldap/dntest for a 'demo'. Need to define USE_LDAP_DN_PARSING to override usual ldap_dn2ufn and so, and PARSE_UTF8 to parse attribute values as utf-8
Kurt Zeilenga [Fri, 26 Oct 2001 02:05:14 +0000 (02:05 +0000)]
First stable an implementing latest namedref specification.
Includes rewriting of URLs where the DN of the referral object
and the DN of the ref attribute attribute are not the same.
Also, always returns explicit DN and scope.
Currently, back-ldbm only. Needs to be ported to back-bdb.
Kurt Zeilenga [Thu, 25 Oct 2001 06:18:11 +0000 (06:18 +0000)]
Root DSE and subschema subentry compare.
Developed by Steve Omrani/IBM
Copyright IBM Corp. 2001
Use of this source code is subject to the terms of The OpenLDAP
Public License Version 2.7, 7 September 2001. No trademarks of the
IBM Corporation are to be used to identify, endorse or promote any
products derived from this code without the prior written consent
of IBM.
Kurt Zeilenga [Wed, 24 Oct 2001 21:26:32 +0000 (21:26 +0000)]
Use allids instead of candidiate negation for !. (ITS#1405)
Use presence indices in support of >= and <=.
(Note presence indices could be used to support = and substr in
like fashion where eq and substr indices are not maintained, but
I'll save that for another day.)
Kurt Zeilenga [Tue, 23 Oct 2001 23:29:41 +0000 (23:29 +0000)]
Use defined Root DSE attributes.
Developed by Julius Enarusai/IBM
Copyright IBM Corp. 2001
Use of this source code is subject to the terms of The OpenLDAP
Public License Version 2.7, 7 September 2001. No trademarks of the
IBM Corporation are to be used to identify, endorse or promote any
products derived from this code without the prior written consent
of IBM.
And this change implements indexing for certificateExactMatch. Now
you can search efficiently the directory for a certificate.
Notice that we index certificates just as serial integers. A full
index should combine the issuer DN too, but I think in most scenarios
that would be extremely redundant and of little benefit. We can add
an option later to do full indexing.
No code change, added a comment warning of a possible future difficulty.
Apparently, we refuse to index ;binary attributes. That is mostly
bogus. Whether it is indexable or not depends on whether we know how
to or not, nothing more. I.e., the existance of indexer and filter
functions for the matching rules that are relevant to the attribute
type.
When checking if an entry matches some filter, we have the list of
values as stored in the entry on the one hand and an assertion value
that is not necessarily of the same syntax. So tell value_match this
is the case by setting SLAP_MR_VALUE_IS_IN_MR_SYNTAX in flags.
Extend value_match to extract an asserted value from a full value
if needed. This is controlled by SLAP_MR_VALUE_IS_IN_MR_SYNTAX,
a new flag that should be set when evaluating filters such as in
searches and compares and unset otherwise (such as in modify).
Now, some callers of value_match, notably value_find, don't know
whether to set it or not. We'll see to that.
Add a flag to help the value_* functions know whether they are seeing
a full value (in attribute type syntax) or a value in the syntax of
the matching rule (as happens in filters).
Howard Chu [Mon, 22 Oct 2001 13:23:05 +0000 (13:23 +0000)]
Moved AttributeDescription caching into main code:
Changed AttributeDescription.{ad_cname,ad_lang} to struct berval everywhere
Deleted ad_free() everywhere
Added ad_mutex to init.c
The AttributeDescriptions are in a linked list hanging off of the
corresponding AttributeType.
It now sort of works, but needs some normalization work and proper
error reporting to client and syslog. And indexing, of course.
Now, the problem is that matching rules get called from different
places that are inconsistent in what an assertedValue is. When doing
a modify, a full certificate value is passed (to verify it isn't
already there). When doing a search or compare, the passed value is
in the syntax of the matching rule.
Consistency would require that the caller extracts an asserted value
from the full value before calling smr_match. It can do this by
calling smr_convert (it was unused, was it meant to be used for
this?).
Unfortunately, the caller is typically value_find, value_match, etc.
that have themselves little knowledge of what they are dealing with,
so their interface needs to be extended, new flag values or new
arguments, so that they know if they have a value in attribute type
syntax or in matching rule syntax.
Howard Chu [Fri, 19 Oct 2001 11:53:15 +0000 (11:53 +0000)]
Added new bdb_encode/bdb_decode functions, must #define BDB_USE_BINARY_RW
to activate. The bdb_decode works in-place on the db data. Add/Search are
OK, I think Modify needs to be tweaked. Don't use this yet unless you want
to help finish it.